AffixIOAFFIXIO
Contact

At a glance

Product
Merkle audit for verify decisions
Model
Proof-not-log instead of mutable application logs
Tree data
Digest, event type, timestamp, verdict only
Verification
Independent inclusion proofs for auditors
Tool
Browser Merkle verifier at /tools/merkle-verifier
Retention
No PII in audit tree by default

The gap

Compliance teams grep logs and hope

Access control, age gates, and payment authorisations generate thousands of decisions daily. Most organisations store them in application logs with retention policies, admin access, and no integrity guarantee.

When the ICO, FCA, or an internal auditor asks for evidence, teams export CSV files and explain what the logs mean.

Proof-not-log audit replaces that narrative with a Merkle commitment that breaks if anyone tampers with a row.

SHA-256
Each audit row hashes to a leaf. The root commits to every decision in the tree.
YES/NO
Verdict stored with proof digest and event type. No PII in the tree by default.
Export
Inclusion proofs exportable for third-party verification without system access.

Architecture

Application logs vs Merkle audit

Application logs
  • Entries editable by admins with sufficient access
  • Retention gaps when logs rotate
  • Auditor must trust the logging system
  • No standard format across services
  • PII often mixed into log payloads
AffixIO Merkle audit
  • Tamper-evident root hash
  • Inclusion proof per decision
  • Independent verification via Merkle tool
  • Consistent schema across all circuits
  • Digest only, no standing PII
Audit tree Root: 7f3a…c821
a3f8…2b1c ticket_verify 2026-07-12 14:02 YES
d91e…4f07 age_gate_18 2026-07-12 14:03 YES
b2c4…8a19 ticket_consume 2026-07-12 14:03 NO
e5d7…1c3f agent_authorise 2026-07-12 14:05 NO

Capabilities

What the audit tree records

Digest

Proof fingerprint

SHA-256 hash of the verified proof. Links audit row to the original decision.

Event

Circuit event type

ticket_verify, age_gate, agent_authorise, and other circuit-specific labels.

Verdict

YES or NO

Binary outcome stored with the row. No ambiguity in compliance exports.

Inclusion

Merkle proof

Path from leaf to root. Verifiable without access to the full tree.

Root

Periodic anchor

Root hash publishable to external timestamp services for long-term integrity.

Export

Regulator pack

Batch export of inclusion proofs for audit periods. No raw log dump required.

Integration

Four steps to proof-not-log audit

01

Verify at boundary

Every circuit verify call returns YES or NO plus a proof digest.

02

Append to tree

Digest, event type, and verdict append as a Merkle leaf automatically.

03

Verify inclusion

Use the Merkle verifier to confirm any row existed at a given root.

04

Export for audit

Provide inclusion proofs to regulators. No application log access required.

Where it applies

Audit scenarios

Financial services

FCA-ready evidence for payment authorisation decisions without log archaeology.

Online Safety

Age gate audit trail for Ofcom compliance reviews.

Event venues

Admission counts reconciled against Merkle consume events post-match.

Healthcare

Eligibility decisions with tamper-evident proof, not EMR access logs.

Government

Programme access decisions exportable for parliamentary audit.

AI agents

Agent authorisation gates with Merkle evidence for each tool call boundary.

Proof-not-log for Article 12 and beyond

EU AI Act Article 12 requires high-risk AI systems to support automatic logging that is tamper-evident. Application logs alone fail that bar: administrators can edit rows, clocks drift, and retention policies vary by team. Merkle audit trees over signed decision digests give regulators something they can replay independently.

AffixIO records allow or deny outcomes, not prompt content or end-user PII by default. Each verify appends a hash-linked entry. Inclusion proofs export without granting database access to auditors.

When SIEM is not enough

SIEM aggregates events for SOC workflows. It does not prove a specific policy decision was authentic at issuance time. Pair SIEM for operations with proof-not-log for defensible audit. See compare: proof-not-log vs SIEM.

Readiness workflow

Run the Article 12 readiness checker, map logging obligations in the buyer guide, then reproduce Merkle export in the sandbox. Reviewed 12 July 2026.

Frequently asked questions

What is proof-not-log audit?

Every AffixIO verify decision appends a digest to a Merkle tree. Auditors verify inclusion cryptographically instead of trusting editable application logs.

Can regulators verify audit entries independently?

Yes. Export the Merkle root and inclusion proof. The Merkle verifier confirms the entry without access to your systems.

What data is stored in the audit tree?

Proof digest, event type, timestamp, and YES or NO verdict. Personal data stays out of the tree by default.

How does this differ from SIEM logging?

SIEM logs record what an application claims happened. Merkle audit records a cryptographic commitment that cannot be altered without breaking the root hash.

Verify your first audit entry

Run a circuit verify in the sandbox, then confirm Merkle inclusion with the verifier tool. Trust documentation in the Trust Center.